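Introducing Security Profile Generation Tools for Containers - Qiita

Introduction. Thank you for opening this article. I am Sasaki from Mitsubishi Electric. In this article, I introduce tools that help create security profiles for containers, targeting Podman, a daemonless container engine. Specifically, for seccomp, oci-secco...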

Qiita

You know, I think I understand the gripes of people with SELinux as the damned thing can be a bunch of nonsense. Not because it's actually bad, but because complexity can cause unique problems on computers.

I think that I've had my fill of touching computers today and just want to play a game. Probably on my console, as I don't have to get too deep in the reeds with troubleshooting that thing.

#openSUSE #seLinux

Seems like I fixed my SELinux problems, after a big openSUSE Tumbleweed update. Seems like "touch /.autorelabel" and a reboot helped for the time being. As sometimes an update can introduce unexpected issues into one's system.

This is natural and expected so I didn't panic at all, just hunted for a solution for the first two hours of my day (unfortunately dodging breakfast).

There is also another fix that is coming down the pipeline for all users soonish... Thankfully, I won't have to dig any deeper for the time being.

As my understanding of SELinux is very scant (some solutions required truly knowing what you are doing) and I need to eat instead of hyper-fixating on learning something.

#Linux #seLinux

SELinux is no longer an enemy but a helper, or how we made it friends with admins

Hello, Habr! My name is Olga, and I am an automation engineer at RED SOFT (РЕД СОФТ). My job is to turn the complex and routine tasks of system administrators into simple, clear configurations in RED ADM (РЕД АДМ). Today we will talk about a system that gives many administrators a slight (or not so slight) shudder: SELinux.

https://habr.com/ru/companies/redsoft/articles/1002888/

#SELinux #Безопасность #Администрирование #администрирование_linuxсистем #DevOps #РЕД_АДМ #Linux #Автоматизация #Управление_конфигурациями #Open_Source


Well, I've been fighting #selinux and rootless #podman the whole day.

My plan was to run a #forgejo runner container in a minimal, secure and self-updating environment. And the thing is, I'm probably 95% there, but I can't get this stupid permission fixed for the podman socket. 🤷‍♂️

@Larvitz also #selinux has gotten so much better at adding other applications that there's really no good reason to turn it off nowadays.

Stop running setenforce 0 and pretending SELinux doesn't exist.

I wrote a practical guide to actually working with SELinux on Fedora and RHEL: Contexts, booleans, troubleshooting denials, container volume labels, and the commands you'll actually use.

No policy theory rabbit holes. Just the stuff that gets you unstuck.

https://blog.hofstede.it/selinux-a-practical-guide-for-fedora-and-rhel/

#SELinux #Fedora #RHEL #Linux #sysadmin #infosec #itsec

SELinux: A Practical Guide for Fedora and RHEL

Moving beyond “setenforce 0” - a practical guide to understanding, troubleshooting, and working with SELinux on Fedora and Red Hat Enterprise Linux.

Larvitz Blog

I swear the Linux version of “it's always DNS” is “it's always SELinux” 🤦🏻‍♂️

#itsalwaysdns #itsalwaysselinux #selinux

Hey, my server hasn't actually been running backups since the last time I did it by hand, because SELinux and systemd are apparently having an argument about it.

Running it by hand now, dunno when I'll be able to resolve that nonsense correctly. Literally just a shell script that runs restic. 😓

#selinux #systemd #ohshit

So today I was called in for an emergency as our server was infected, and yet again selinux saved our ass, as it forced the guy to make a move that was detected by our blue team, but had to verify every single device on the network (fun Sunday).

So to all "smart" people who disable selinux... enable it back and learn to fix selinux issues or else.

#selinux #linux #security #cybersecurity